Skip to main content

Stop drowning in CVEs.
Focus on what matters.

200+ CVEs drop daily. vuln.today uses AI to tell you which ones affect your stack, how urgent they are, and what to do - in minutes, not days.

Live stats
67,836
Total CVEs tracked
17+
Data sources
845
This week
85 CRITICAL 310 HIGH 368 MEDIUM 82 LOW
Last 30 days
No credit card Privacy-first 30-second setup 90-day free trial

Create your free account

Join security professionals who track smarter, not harder.

or
Two-factor authentication

Enter the 6-digit code from your authenticator app, or a backup code.

Secured by Google Firebase Authentication

By signing up you agree to our Terms and Privacy Policy.

Your personal security cockpit

Everything you need to track, triage, and fix vulnerabilities.

Personal Feed & Watchlist

Watch 500+ vendor, product, and technique tags. Your feed filters 200+ daily CVEs down to the ones that matter to you.

AI-Powered Analysis

Every CVE gets a plain-language summary, priority score (0-150+), and a decision label: Emergency, Act Now, This Week, or Monitor.

Stack Monitoring

Upload package.json, requirements.txt, go.mod, or pom.xml. Get alerted when a CVE hits your exact dependency version - with fix commands.

Slack & Email Alerts

Real-time Slack Block Kit cards or email digests. Configure per severity, per tag, or per stack. Daily or instant - your choice.

Personal Dashboard

KPI charts scoped to your watched tags: severity breakdown, priority distribution, patch gap, and a "patch now" list of what needs immediate attention.

REST API & CI/CD Gate

Programmatic CVE search, manifest scanning, and deploy blocking. POST your lockfile, get a pass/fail result with fix commands.

A better alternative to the CVE tracker you're using today

Honest, side-by-side comparison – including features we don't have. See the full matrix →

OCVE
OpenCVE Open-source self-hosted
CVED
CVE Details Free NVD frontend
VLN
Vulners API aggregator
SA
SecAlerts Stack alerts (paid)

Logos are trademarks of their respective owners. Used for nominative comparison purposes.

And that's just the beginning

Weekly Digest - personalized summary every Monday: top CVEs, new POCs, severity stats
Compliance Dashboard - DORA/NIS2 ICT provider risk tracking, CVE triage with owner assignment & due dates
Attack Techniques - CVEs mapped to MITRE ATT&CK techniques with knowledge cards and trend charts
Trends & Analytics - severity trends, CVSS/EPSS scatter, top CWEs, vendor trends, OWASP Top 10 distribution
Vendor Scorecards - risk rankings for all tracked vendors: CVE count, KEV/POC rate, patch gap, response time
Critical Watch - AI-curated daily top 3-5 most important CVEs with reasoning, right on your home feed
Saved Filters - build multi-condition CVE queries, name them, pin to nav - CVSS range, KEV, POC, tags, dates
Jira Integration - push CVEs directly to your Jira project as issues from the CVE detail page
Public Vulnerability Scanner - paste a dependency list or upload a manifest - instant results, no account needed
RSS Feeds - subscribe to CVE and ZDI feeds, filterable by severity, KEV, POC, or decision label
Smart Search - search by CVE ID, description, tag, EUVD ID, GHSA, or product/version (e.g. nginx/1.26)
CVE Groups - related CVEs automatically clustered (e.g. Patch Tuesday batches) for easier triage

Currently tracking 67,836 CVEs

Real vendors, products, and attack techniques - updated every 30 minutes.

Top vendors
Microsoft WordPress Linux Suse Red Hat Google Apple Oracle IBM Cisco Adobe Mozilla Apache Debian HP D-Link SAP Intel Tenda Qualcomm
Top products
PHP Linux Kernel Debian Linux Java Android Chrome Mac Os X Ubuntu Linux Iphone Os Windows Opensuse Firefox Windows Server 2008 Internet Explorer Ubuntu Python Windows Server 2012 Safari Flash Player Enterprise Linux Desktop Windows Server 2016 Acrobat Enterprise Linux Server Enterprise Linux Workstation Windows 7
Attack techniques
Information Disclosure Denial Of Service XSS RCE Buffer Overflow Authentication Bypass SQLi Privilege Escalation Path Traversal CSRF Memory Corruption Code Injection Command Injection Use After Free Null Pointer Dereference

Enriched from 17+ authoritative sources

We cross-reference every CVE against government databases, vendor advisories, and community intelligence.

NVD
NVD CVSS, CPE, CWE
MITRE
CVE.org Primary CVE data
CISA
CISA KEV Known exploited
EPSS
EPSS Exploit probability
ENISA
ENISA EUVD EU advisories
GitHub Advisory GHSA & MAL
RH
Red Hat RHSA advisories
Ubuntu USN notices
DEB
Debian DSA/DLA
ATT&CK
MITRE ATT&CK Techniques & groups
CIRCL
CIRCL Sightings, CSAF
OSV
OSV Ecosystem advisories
ZDI
ZDI Zero Day Initiative
MISP
MISP Galaxies Threat actors
VDB
VulDB Exploit intel

Why not just use NVD?

NVD gives you raw data. CVSS score, CWE ID, CPE string. You still need to figure out: is this in my stack? Should I drop everything? Is there a patch? Is someone already exploiting it?

vuln.today gives you answers. Priority score, decision label, patch status, POC availability, vendor response, and a plain-language summary of what the vulnerability actually does.

NVD has one source. We cross-reference 17+ feeds: CISA KEV, EPSS, EUVD, GitHub Advisory, Red Hat, Ubuntu, Debian, CIRCL, ATT&CK, ZDI, and more.

NVD updates in days. We analyze new CVEs within minutes and can alert you in Slack before most security teams even know about them.

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy